Renew Security Assertion Markup Language (SAML) Certificate for Secure Access (Annual Action Required)

Available Languages

Download Options

  • PDF     (113.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (197.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (163.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:June 24, 2024
Document ID:222068

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the process of SAML Certificate renewal process for Secure Access.

    Problem

    You must update your Identity provider (IdP) with the new Secure Access Security Assertion Markup Language (SAML) certificate before the expiration date (Annually Expired June time frame). Updating this certificate is essential to avoid SAML user authentication failures and loss of Internet access for these users, unless your IDP has already been configured to monitor the Secure Access SAML metadata URL provided below.

    Solution

    Step 1: Verify If your SAML IDP request signature validation, If this option is disabled, no further actions is required. you can skip the rest of the process and continue using the SAML services normally.

    Step 2: If SAML IDP request signature validation, download the new certificate from the Secure Access Documentation Page -> Security Notices -> Security Advisories, Responses and Notices -> (Secure Access Notification - SAML Authentication Certificate Expiring).

    Step 3:  Login to your SAML IDP, and replace the current SAML Certificate.

    Azure SAML Certificate Settings

    This is an Example of replacing Azure SAML IDP Certificate..

    Step 1: Login to Azure Portal.

    Step 2: Find your SAML SSO Profile and Click on Edit.

    Step 3: Verify you have Certificate signing request validation under (Single Sign On) settings.

    A. Validation is Disabled (No Actions Required):

    Validation Option Disabled

    B. Validation is Enabled (replacing certificate is required)

    Validation Option Enabled

    Step 4: Edit the Verification certificate option.

    Step 5: Upload the new SAML Certificate which can be found in the announcement referenced in (Secure Access Documentation Page).

    SAML Certificate Updated

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    24-Jun-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Fuad Al Asouli
      TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products